@vorionsys/contracts 0.1.0

package/dist/aci/jwt-claims.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-claims.d.ts","sourceRoot":"","sources":["../../src/aci/jwt-claims.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,KAAK,UAAU,EAAyB,MAAM,cAAc,CAAC;AACtE,OAAO,EAAE,eAAe,EAAyB,MAAM,aAAa,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAA2B,WAAW,EAAqB,MAAM,YAAY,CAAC;AACxG,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAMjD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,aAAa;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,cAAc;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,eAAe;IACf,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACxB,uCAAuC;IACvC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,kCAAkC;IAClC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,iCAAiC;IACjC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,aAAa;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;EAQlC,CAAC;AAMH;;;;;;;;;GASG;AACH,MAAM,WAAW,YAAa,SAAQ,iBAAiB;IACrD,4DAA4D;IAC5D,GAAG,EAAE,MAAM,CAAC;IACZ,8CAA8C;IAC9C,WAAW,EAAE,MAAM,CAAC;IACpB,yCAAyC;IACzC,gBAAgB,EAAE,UAAU,EAAE,CAAC;IAC/B,uBAAuB;IACvB,SAAS,EAAE,eAAe,CAAC;IAC3B;;;;OAIG;IACH,SAAS,CAAC,EAAE,iBAAiB,CAAC;IAC9B,eAAe;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,mBAAmB;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,2BAA2B;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,iDAAiD;IACjD,gBAAgB,CAAC,EAAE,WAAW,CAAC;IAC/B,wDAAwD;IACxD,gBAAgB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IACzC,8CAA8C;IAC9C,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,8CAA8C;IAC9C,eAAe,CAAC,EAAE,mBAAmB,CAAC;CACvC;AAED;;GAEG;AACH;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,iBAAiB;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,iDAAiD;IACjD,IAAI,EAAE,iBAAiB,CAAC;IACxB,0CAA0C;IAC1C,KAAK,EAAE,MAAM,CAAC;IACd,iCAAiC;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,8BAA8B;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,iDAAiD;IACjD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gCAAgC;IAChC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,gCAAgC;IAChC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,uCAAuC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,0CAA0C;IAC1C,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,yBAAyB;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;EAOpC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;EAOpC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgB7B,CAAC;AAMH;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,iBAAiB;IACjB,MAAM,EAAE,SAAS,CAAC;IAClB,2BAA2B;IAC3B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,wBAAwB;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC7B,qDAAqD;IACrD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,8BAA8B;IAC9B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,oCAAoC;IACpC,YAAY,CAAC,EAAE,mBAAmB,EAAE,CAAC;IACrC,oCAAoC;IACpC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,6BAA6B;IAC7B,WAAW,CAAC,EAAE,mBAAmB,CAAC;CACnC;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,YAAY,CA6CjF;AAED;;;;;;;;;GASG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,YAAY,CAgBtF;AAMD;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,iBAAiB;IACjB,IAAI,EAAE,kBAAkB,CAAC;IACzB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,iCAAiC;IACjC,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAC1B,aAAa,GACb,aAAa,GACb,SAAS,GACT,eAAe,GACf,iBAAiB,GACjB,eAAe,GACf,cAAc,GACd,kBAAkB,GAClB,gBAAgB,CAAC;AAErB;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,mCAAmC;IACnC,KAAK,EAAE,OAAO,CAAC;IACf,wBAAwB;IACxB,MAAM,EAAE,wBAAwB,EAAE,CAAC;IACnC,kCAAkC;IAClC,MAAM,CAAC,EAAE,YAAY,CAAC;CACvB;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,OAAO,EACf,OAAO,GAAE;IACP,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,uBAAuB,CAAC,EAAE,OAAO,CAAC;CAC9B,GACL,yBAAyB,CA6D3B;AAMD;;;;;;;;GAQG;AACH,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,YAAY,GAAG;IACjE,OAAO,EAAE,UAAU,EAAE,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,KAAK,EAAE,eAAe,CAAC;IACvB,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B,CAQA;AAED;;;;;GAKG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,YAAY,GAAG;IAC/D,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;CACjB,CASA;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAMlF;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,YAAY,EACpB,YAAY,EAAE;IACZ,OAAO,CAAC,EAAE,UAAU,EAAE,CAAC;IACvB,QAAQ,CAAC,EAAE,eAAe,CAAC;IAC3B,oBAAoB,CAAC,EAAE,iBAAiB,CAAC;IACzC,cAAc,CAAC,EAAE,WAAW,CAAC;CAC9B,GACA,OAAO,CAkCT;AAMD;;GAEG;AACH,eAAO,MAAM,gCAAgC;;;;;;;;;EAG3C,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,8BAA8B;;;;;;;;;;;;EAczC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAI1C,CAAC"}

package/dist/aci/jwt-claims.js

@@ -0,0 +1,335 @@
+/**
+ * @fileoverview ACI JWT Claims for OpenID Connect
+ *
+ * Defines JWT claim structures for ACI-aware authentication and authorization.
+ * These claims extend standard OIDC claims with ACI-specific information,
+ * enabling capability-based access control in JWT tokens.
+ *
+ * @module @vorion/contracts/aci/jwt-claims
+ */
+import { z } from 'zod';
+import { domainCodeArraySchema } from './domains.js';
+import { capabilityLevelSchema } from './levels.js';
+import { CertificationTier, certificationTierSchema, runtimeTierSchema } from './tiers.js';
+/**
+ * Zod schema for StandardJWTClaims.
+ */
+export const standardJWTClaimsSchema = z.object({
+    iss: z.string().optional(),
+    sub: z.string().optional(),
+    aud: z.union([z.string(), z.array(z.string())]).optional(),
+    exp: z.number().int().positive().optional(),
+    nbf: z.number().int().positive().optional(),
+    iat: z.number().int().positive().optional(),
+    jti: z.string().optional(),
+});
+/**
+ * Zod schema for ACIAttestationClaim.
+ */
+export const aciAttestationClaimSchema = z.object({
+    iss: z.string().min(1),
+    tier: certificationTierSchema,
+    scope: z.string().min(1),
+    iat: z.number().int().positive(),
+    exp: z.number().int().positive(),
+    evidence: z.string().url().optional(),
+});
+/**
+ * Zod schema for ACIConstraintsClaim.
+ */
+export const aciConstraintsClaimSchema = z.object({
+    max_operations: z.number().int().positive().optional(),
+    allowed_resources: z.array(z.string()).optional(),
+    blocked_resources: z.array(z.string()).optional(),
+    valid_until: z.number().int().positive().optional(),
+    requires_approval: z.boolean().optional(),
+    custom: z.record(z.unknown()).optional(),
+});
+/**
+ * Zod schema for ACIJWTClaims validation.
+ */
+export const aciJWTClaimsSchema = standardJWTClaimsSchema.extend({
+    aci: z.string().min(1),
+    aci_domains: z.number().int().min(0),
+    aci_domains_list: domainCodeArraySchema,
+    aci_level: capabilityLevelSchema,
+    // aci_trust is optional - comes from attestations, not the ACI itself
+    aci_trust: certificationTierSchema.optional(),
+    aci_registry: z.string().min(1),
+    aci_org: z.string().min(1),
+    aci_class: z.string().min(1),
+    aci_version: z.string().regex(/^\d+\.\d+\.\d+$/),
+    aci_did: z.string().optional(),
+    aci_runtime_tier: runtimeTierSchema.optional(),
+    aci_attestations: z.array(aciAttestationClaimSchema).optional(),
+    aci_permission_ceiling: z.number().int().min(0).max(7).optional(),
+    aci_constraints: aciConstraintsClaimSchema.optional(),
+});
+/**
+ * Generates JWT claims from a parsed ACI.
+ *
+ * @param options - Generation options
+ * @returns ACI JWT claims
+ *
+ * @example
+ * ```typescript
+ * const claims = generateJWTClaims({
+ *   parsed: parseACI('a3i.acme-corp.invoice-bot:ABF-L3@1.0.0'),
+ *   did: 'did:web:agent.acme.com',
+ *   issuer: 'did:web:auth.acme.com',
+ *   validitySeconds: 3600,
+ * });
+ * ```
+ */
+export function generateJWTClaims(options) {
+    const { parsed, did, issuer, audience, validitySeconds = 3600, runtimeTier, attestations, permissionCeiling, constraints, } = options;
+    const now = Math.floor(Date.now() / 1000);
+    return {
+        // Standard claims
+        iss: issuer,
+        sub: did ?? parsed.aci,
+        aud: audience,
+        iat: now,
+        nbf: now,
+        exp: now + validitySeconds,
+        jti: crypto.randomUUID(),
+        // ACI claims (identity only - trust comes from attestations)
+        aci: parsed.aci,
+        aci_domains: parsed.domainsBitmask,
+        aci_domains_list: [...parsed.domains],
+        aci_level: parsed.level,
+        // NOTE: aci_trust is derived from attestations, not the ACI
+        // Compute highest valid attestation tier if attestations provided
+        aci_trust: attestations && attestations.length > 0
+            ? Math.max(...attestations.map((a) => a.tier))
+            : undefined,
+        aci_registry: parsed.registry,
+        aci_org: parsed.organization,
+        aci_class: parsed.agentClass,
+        aci_version: parsed.version,
+        aci_did: did,
+        aci_runtime_tier: runtimeTier,
+        aci_attestations: attestations,
+        aci_permission_ceiling: permissionCeiling,
+        aci_constraints: constraints,
+    };
+}
+/**
+ * Generates minimal JWT claims from a parsed ACI.
+ *
+ * NOTE: aci_trust is NOT included because trust comes from attestations,
+ * not the ACI itself. Use generateJWTClaims with attestations for full claims.
+ *
+ * @param parsed - Parsed ACI
+ * @param did - Optional agent DID
+ * @returns Minimal ACI JWT claims (without trust tier)
+ */
+export function generateMinimalJWTClaims(parsed, did) {
+    const now = Math.floor(Date.now() / 1000);
+    return {
+        iat: now,
+        aci: parsed.aci,
+        aci_domains: parsed.domainsBitmask,
+        aci_domains_list: [...parsed.domains],
+        aci_level: parsed.level,
+        // aci_trust intentionally omitted - comes from attestations at runtime
+        aci_registry: parsed.registry,
+        aci_org: parsed.organization,
+        aci_class: parsed.agentClass,
+        aci_version: parsed.version,
+        aci_did: did,
+    };
+}
+/**
+ * Validates ACI JWT claims.
+ *
+ * @param claims - Claims to validate
+ * @param options - Validation options
+ * @returns Validation result
+ *
+ * @example
+ * ```typescript
+ * const result = validateJWTClaims(claims, {
+ *   checkExpiry: true,
+ *   validateDomainsMismatch: true,
+ * });
+ * ```
+ */
+export function validateJWTClaims(claims, options = {}) {
+    const errors = [];
+    const { checkExpiry = true, validateDomainsMismatch = true } = options;
+    // Parse with Zod
+    const parseResult = aciJWTClaimsSchema.safeParse(claims);
+    if (!parseResult.success) {
+        return {
+            valid: false,
+            errors: parseResult.error.issues.map((issue) => ({
+                code: 'INVALID_FORMAT',
+                message: issue.message,
+                path: issue.path.join('.'),
+            })),
+        };
+    }
+    const parsed = parseResult.data;
+    const now = Math.floor(Date.now() / 1000);
+    // Check expiry
+    if (checkExpiry) {
+        if (parsed.exp && parsed.exp < now) {
+            errors.push({
+                code: 'EXPIRED',
+                message: `Token expired at ${new Date(parsed.exp * 1000).toISOString()}`,
+            });
+        }
+        if (parsed.nbf && parsed.nbf > now) {
+            errors.push({
+                code: 'NOT_YET_VALID',
+                message: `Token not valid until ${new Date(parsed.nbf * 1000).toISOString()}`,
+            });
+        }
+    }
+    // Validate domains bitmask matches domains list
+    if (validateDomainsMismatch) {
+        const expectedBitmask = parsed.aci_domains_list.reduce((mask, code) => {
+            const bits = {
+                A: 0x001, B: 0x002, C: 0x004, D: 0x008, E: 0x010,
+                F: 0x020, G: 0x040, H: 0x080, I: 0x100, S: 0x200,
+            };
+            return mask | bits[code];
+        }, 0);
+        if (expectedBitmask !== parsed.aci_domains) {
+            errors.push({
+                code: 'DOMAINS_MISMATCH',
+                message: `Domain bitmask ${parsed.aci_domains} does not match domains list (expected ${expectedBitmask})`,
+            });
+        }
+    }
+    return {
+        valid: errors.length === 0,
+        errors,
+        claims: errors.length === 0 ? parsed : undefined,
+    };
+}
+// ============================================================================
+// JWT Claims Extraction
+// ============================================================================
+/**
+ * Extracts capability information from JWT claims.
+ *
+ * NOTE: certificationTier is optional because it comes from attestations,
+ * not the ACI. If no attestations are present, it will be undefined.
+ *
+ * @param claims - ACI JWT claims
+ * @returns Capability information
+ */
+export function extractCapabilityFromClaims(claims) {
+    return {
+        domains: claims.aci_domains_list,
+        domainsBitmask: claims.aci_domains,
+        level: claims.aci_level,
+        certificationTier: claims.aci_trust, // Optional - from attestations
+        runtimeTier: claims.aci_runtime_tier,
+    };
+}
+/**
+ * Extracts identity information from JWT claims.
+ *
+ * @param claims - ACI JWT claims
+ * @returns Identity information
+ */
+export function extractIdentityFromClaims(claims) {
+    return {
+        aci: claims.aci,
+        did: claims.aci_did,
+        registry: claims.aci_registry,
+        organization: claims.aci_org,
+        agentClass: claims.aci_class,
+        version: claims.aci_version,
+    };
+}
+/**
+ * Checks if claims have specific domain capability.
+ *
+ * @param claims - ACI JWT claims
+ * @param domain - Domain to check
+ * @returns True if the domain is present
+ */
+export function claimsHaveDomain(claims, domain) {
+    const bits = {
+        A: 0x001, B: 0x002, C: 0x004, D: 0x008, E: 0x010,
+        F: 0x020, G: 0x040, H: 0x080, I: 0x100, S: 0x200,
+    };
+    return (claims.aci_domains & bits[domain]) !== 0;
+}
+/**
+ * Checks if claims meet minimum capability requirements.
+ *
+ * @param claims - ACI JWT claims
+ * @param requirements - Minimum requirements
+ * @returns True if requirements are met
+ */
+export function claimsMeetRequirements(claims, requirements) {
+    // Check domains
+    if (requirements.domains) {
+        for (const domain of requirements.domains) {
+            if (!claimsHaveDomain(claims, domain)) {
+                return false;
+            }
+        }
+    }
+    // Check level
+    if (requirements.minLevel !== undefined && claims.aci_level < requirements.minLevel) {
+        return false;
+    }
+    // Check certification tier (comes from attestations, may be undefined)
+    if (requirements.minCertificationTier !== undefined) {
+        // If no attestation-based trust, treat as T0 (sandbox)
+        const effectiveTrust = claims.aci_trust ?? CertificationTier.T0_SANDBOX;
+        if (effectiveTrust < requirements.minCertificationTier) {
+            return false;
+        }
+    }
+    // Check runtime tier
+    if (requirements.minRuntimeTier !== undefined &&
+        claims.aci_runtime_tier !== undefined &&
+        claims.aci_runtime_tier < requirements.minRuntimeTier) {
+        return false;
+    }
+    return true;
+}
+// ============================================================================
+// Zod Schemas for Validation
+// ============================================================================
+/**
+ * Zod schema for JWT claims validation options.
+ */
+export const jwtClaimsValidationOptionsSchema = z.object({
+    checkExpiry: z.boolean().optional(),
+    validateDomainsMismatch: z.boolean().optional(),
+});
+/**
+ * Zod schema for JWTClaimsValidationError.
+ */
+export const jwtClaimsValidationErrorSchema = z.object({
+    code: z.enum([
+        'MISSING_ACI',
+        'INVALID_ACI',
+        'EXPIRED',
+        'NOT_YET_VALID',
+        'INVALID_DOMAINS',
+        'INVALID_LEVEL',
+        'INVALID_TIER',
+        'DOMAINS_MISMATCH',
+        'INVALID_FORMAT',
+    ]),
+    message: z.string(),
+    path: z.string().optional(),
+});
+/**
+ * Zod schema for JWTClaimsValidationResult.
+ */
+export const jwtClaimsValidationResultSchema = z.object({
+    valid: z.boolean(),
+    errors: z.array(jwtClaimsValidationErrorSchema),
+    claims: aciJWTClaimsSchema.optional(),
+});
+//# sourceMappingURL=jwt-claims.js.map

package/dist/aci/jwt-claims.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-claims.js","sourceRoot":"","sources":["../../src/aci/jwt-claims.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAmB,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACtE,OAAO,EAAmB,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,uBAAuB,EAAe,iBAAiB,EAAE,MAAM,YAAY,CAAC;AA2BxG;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC1D,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC3C,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC3C,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC3C,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC3B,CAAC,CAAC;AA2FH;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACtB,IAAI,EAAE,uBAAuB;IAC7B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IACtD,iBAAiB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACjD,iBAAiB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACjD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IACnD,iBAAiB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACzC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,uBAAuB,CAAC,MAAM,CAAC;IAC/D,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACtB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACpC,gBAAgB,EAAE,qBAAqB;IACvC,SAAS,EAAE,qBAAqB;IAChC,sEAAsE;IACtE,SAAS,EAAE,uBAAuB,CAAC,QAAQ,EAAE;IAC7C,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC;IAChD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,gBAAgB,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IAC9C,gBAAgB,EAAE,CAAC,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC,QAAQ,EAAE;IAC/D,sBAAsB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACjE,eAAe,EAAE,yBAAyB,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AA8BH;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAiC;IACjE,MAAM,EACJ,MAAM,EACN,GAAG,EACH,MAAM,EACN,QAAQ,EACR,eAAe,GAAG,IAAI,EACtB,WAAW,EACX,YAAY,EACZ,iBAAiB,EACjB,WAAW,GACZ,GAAG,OAAO,CAAC;IAEZ,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAE1C,OAAO;QACL,kBAAkB;QAClB,GAAG,EAAE,MAAM;QACX,GAAG,EAAE,GAAG,IAAI,MAAM,CAAC,GAAG;QACtB,GAAG,EAAE,QAAQ;QACb,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,eAAe;QAC1B,GAAG,EAAE,MAAM,CAAC,UAAU,EAAE;QAExB,6DAA6D;QAC7D,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,WAAW,EAAE,MAAM,CAAC,cAAc;QAClC,gBAAgB,EAAE,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;QACrC,SAAS,EAAE,MAAM,CAAC,KAAK;QACvB,4DAA4D;QAC5D,kEAAkE;QAClE,SAAS,EAAE,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC;YAChD,CAAC,CAAE,IAAI,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAuB;YACrE,CAAC,CAAC,SAAS;QACb,YAAY,EAAE,MAAM,CAAC,QAAQ;QAC7B,OAAO,EAAE,MAAM,CAAC,YAAY;QAC5B,SAAS,EAAE,MAAM,CAAC,UAAU;QAC5B,WAAW,EAAE,MAAM,CAAC,OAAO;QAC3B,OAAO,EAAE,GAAG;QACZ,gBAAgB,EAAE,WAAW;QAC7B,gBAAgB,EAAE,YAAY;QAC9B,sBAAsB,EAAE,iBAAiB;QACzC,eAAe,EAAE,WAAW;KAC7B,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,wBAAwB,CAAC,MAAiB,EAAE,GAAY;IACtE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAE1C,OAAO;QACL,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,WAAW,EAAE,MAAM,CAAC,cAAc;QAClC,gBAAgB,EAAE,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;QACrC,SAAS,EAAE,MAAM,CAAC,KAAK;QACvB,uEAAuE;QACvE,YAAY,EAAE,MAAM,CAAC,QAAQ;QAC7B,OAAO,EAAE,MAAM,CAAC,YAAY;QAC5B,SAAS,EAAE,MAAM,CAAC,UAAU;QAC5B,WAAW,EAAE,MAAM,CAAC,OAAO;QAC3B,OAAO,EAAE,GAAG;KACb,CAAC;AACJ,CAAC;AA4CD;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,iBAAiB,CAC/B,MAAe,EACf,UAGI,EAAE;IAEN,MAAM,MAAM,GAA+B,EAAE,CAAC;IAC9C,MAAM,EAAE,WAAW,GAAG,IAAI,EAAE,uBAAuB,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAEvE,iBAAiB;IACjB,MAAM,WAAW,GAAG,kBAAkB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEzD,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;QACzB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gBAC/C,IAAI,EAAE,gBAAyB;gBAC/B,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;aAC3B,CAAC,CAAC;SACJ,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC;IAChC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAE1C,eAAe;IACf,IAAI,WAAW,EAAE,CAAC;QAChB,IAAI,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,oBAAoB,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE;aACzE,CAAC,CAAC;QACL,CAAC;QAED,IAAI,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,eAAe;gBACrB,OAAO,EAAE,yBAAyB,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE;aAC9E,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,IAAI,uBAAuB,EAAE,CAAC;QAC5B,MAAM,eAAe,GAAG,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE;YACpE,MAAM,IAAI,GAA+B;gBACvC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK;gBAChD,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK;aACjD,CAAC;YACF,OAAO,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC,EAAE,CAAC,CAAC,CAAC;QAEN,IAAI,eAAe,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC;YAC3C,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,kBAAkB;gBACxB,OAAO,EAAE,kBAAkB,MAAM,CAAC,WAAW,0CAA0C,eAAe,GAAG;aAC1G,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;QACN,MAAM,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;KACjD,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;;;;;;;GAQG;AACH,MAAM,UAAU,2BAA2B,CAAC,MAAoB;IAO9D,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,gBAAgB;QAChC,cAAc,EAAE,MAAM,CAAC,WAAW;QAClC,KAAK,EAAE,MAAM,CAAC,SAAS;QACvB,iBAAiB,EAAE,MAAM,CAAC,SAAS,EAAE,+BAA+B;QACpE,WAAW,EAAE,MAAM,CAAC,gBAAgB;KACrC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CAAC,MAAoB;IAQ5D,OAAO;QACL,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,MAAM,CAAC,OAAO;QACnB,QAAQ,EAAE,MAAM,CAAC,YAAY;QAC7B,YAAY,EAAE,MAAM,CAAC,OAAO;QAC5B,UAAU,EAAE,MAAM,CAAC,SAAS;QAC5B,OAAO,EAAE,MAAM,CAAC,WAAW;KAC5B,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAoB,EAAE,MAAkB;IACvE,MAAM,IAAI,GAA+B;QACvC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK;QAChD,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK;KACjD,CAAC;IACF,OAAO,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;AACnD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,sBAAsB,CACpC,MAAoB,EACpB,YAKC;IAED,gBAAgB;IAChB,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;QACzB,KAAK,MAAM,MAAM,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YAC1C,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;gBACtC,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;IACH,CAAC;IAED,cAAc;IACd,IAAI,YAAY,CAAC,QAAQ,KAAK,SAAS,IAAI,MAAM,CAAC,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAC;QACpF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,uEAAuE;IACvE,IAAI,YAAY,CAAC,oBAAoB,KAAK,SAAS,EAAE,CAAC;QACpD,uDAAuD;QACvD,MAAM,cAAc,GAAG,MAAM,CAAC,SAAS,IAAI,iBAAiB,CAAC,UAAU,CAAC;QACxE,IAAI,cAAc,GAAG,YAAY,CAAC,oBAAoB,EAAE,CAAC;YACvD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,IACE,YAAY,CAAC,cAAc,KAAK,SAAS;QACzC,MAAM,CAAC,gBAAgB,KAAK,SAAS;QACrC,MAAM,CAAC,gBAAgB,GAAG,YAAY,CAAC,cAAc,EACrD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+EAA+E;AAC/E,6BAA6B;AAC7B,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG,CAAC,CAAC,MAAM,CAAC;IACvD,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnC,uBAAuB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAChD,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,CAAC,CAAC,MAAM,CAAC;IACrD,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC;QACX,aAAa;QACb,aAAa;QACb,SAAS;QACT,eAAe;QACf,iBAAiB;QACjB,eAAe;QACf,cAAc;QACd,kBAAkB;QAClB,gBAAgB;KACjB,CAAC;IACF,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IACtD,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE;IAClB,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,8BAA8B,CAAC;IAC/C,MAAM,EAAE,kBAAkB,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC"}

package/dist/aci/levels.d.ts

@@ -0,0 +1,279 @@
+/**
+ * @fileoverview ACI Capability Levels (L0-L7)
+ *
+ * Defines the autonomy/capability levels used in ACI strings. Levels represent
+ * what actions an agent is permitted to perform, ranging from read-only
+ * observation (L0) to full autonomy (L7).
+ *
+ * The 8-tier system (L0-L7) maps to trust bands:
+ * - L0: Observe - Read-only access (Sandbox tier)
+ * - L1: Advise - Suggest and recommend (Observed tier)
+ * - L2: Draft - Prepare changes for review (Provisional tier)
+ * - L3: Execute - Execute with approval (Monitored tier)
+ * - L4: Autonomous - Self-directed within bounds (Standard tier)
+ * - L5: Trusted - Expanded autonomy (Trusted tier)
+ * - L6: Certified - Independent operation (Certified tier)
+ * - L7: Sovereign - Full autonomy (Autonomous tier)
+ *
+ * @module @vorion/contracts/aci/levels
+ */
+import { z } from 'zod';
+/**
+ * Capability levels defining agent autonomy.
+ *
+ * Levels form a hierarchy where higher levels include the capabilities
+ * of all lower levels:
+ *
+ * - L0: Read-only access, monitoring, observation
+ * - L1: Can suggest and recommend, but not modify
+ * - L2: Can prepare drafts and stage changes for review
+ * - L3: Can execute operations with human approval
+ * - L4: Self-directed operation within defined bounds
+ * - L5: Expanded autonomy with minimal oversight
+ * - L6: Independent operation with comprehensive audit trail
+ * - L7: Full autonomy for mission-critical operations
+ */
+export declare enum CapabilityLevel {
+    /** Read-only, monitoring - Can observe but not interact */
+    L0_OBSERVE = 0,
+    /** Advisory - Can suggest and recommend actions */
+    L1_ADVISE = 1,
+    /** Drafting - Can prepare changes for human review */
+    L2_DRAFT = 2,
+    /** Execute - Can execute with human approval */
+    L3_EXECUTE = 3,
+    /** Autonomous - Self-directed within bounds */
+    L4_AUTONOMOUS = 4,
+    /** Trusted - Expanded autonomy with minimal oversight */
+    L5_TRUSTED = 5,
+    /** Certified - Independent operation with audit trail */
+    L6_CERTIFIED = 6,
+    /** Autonomous - Full autonomy for mission-critical operations */
+    L7_AUTONOMOUS = 7
+}
+/**
+ * Array of all capability levels in ascending order.
+ */
+export declare const CAPABILITY_LEVELS: readonly [CapabilityLevel.L0_OBSERVE, CapabilityLevel.L1_ADVISE, CapabilityLevel.L2_DRAFT, CapabilityLevel.L3_EXECUTE, CapabilityLevel.L4_AUTONOMOUS, CapabilityLevel.L5_TRUSTED, CapabilityLevel.L6_CERTIFIED, CapabilityLevel.L7_AUTONOMOUS];
+/**
+ * Zod schema for CapabilityLevel enum validation.
+ */
+export declare const capabilityLevelSchema: z.ZodNativeEnum<typeof CapabilityLevel>;
+/**
+ * Human-readable names for capability levels.
+ */
+export declare const CAPABILITY_LEVEL_NAMES: Readonly<Record<CapabilityLevel, string>>;
+/**
+ * Short codes for capability levels (without the L prefix).
+ */
+export declare const CAPABILITY_LEVEL_CODES: Readonly<Record<CapabilityLevel, string>>;
+/**
+ * Detailed descriptions for each capability level.
+ */
+export declare const CAPABILITY_LEVEL_DESCRIPTIONS: Readonly<Record<CapabilityLevel, string>>;
+/**
+ * Capabilities granted at each level (cumulative).
+ */
+export declare const CAPABILITY_LEVEL_ABILITIES: Readonly<Record<CapabilityLevel, readonly string[]>>;
+/**
+ * Configuration for a capability level.
+ */
+export interface CapabilityLevelConfig {
+    /** The capability level */
+    readonly level: CapabilityLevel;
+    /** Short code (L0-L7) */
+    readonly code: string;
+    /** Human-readable name */
+    readonly name: string;
+    /** Detailed description */
+    readonly description: string;
+    /** Abilities granted at this level */
+    readonly abilities: readonly string[];
+    /** Whether human approval is required for actions */
+    readonly requiresApproval: boolean;
+    /** Whether this level can operate autonomously */
+    readonly canOperateAutonomously: boolean;
+    /** Minimum certification tier typically required */
+    readonly minCertificationTier: number;
+}
+/**
+ * Complete configuration for all capability levels.
+ */
+export declare const CAPABILITY_LEVEL_CONFIGS: Readonly<Record<CapabilityLevel, CapabilityLevelConfig>>;
+/**
+ * Checks if one level is higher than another.
+ *
+ * @param level - The level to check
+ * @param other - The level to compare against
+ * @returns True if level is higher than other
+ *
+ * @example
+ * ```typescript
+ * isLevelHigher(CapabilityLevel.L3_EXECUTE, CapabilityLevel.L2_DRAFT);  // true
+ * isLevelHigher(CapabilityLevel.L1_ADVISE, CapabilityLevel.L3_EXECUTE); // false
+ * ```
+ */
+export declare function isLevelHigher(level: CapabilityLevel, other: CapabilityLevel): boolean;
+/**
+ * Checks if one level is at least as high as another.
+ *
+ * @param level - The level to check
+ * @param minLevel - The minimum level required
+ * @returns True if level meets or exceeds minLevel
+ *
+ * @example
+ * ```typescript
+ * meetsLevel(CapabilityLevel.L3_EXECUTE, CapabilityLevel.L2_DRAFT);     // true
+ * meetsLevel(CapabilityLevel.L2_DRAFT, CapabilityLevel.L2_DRAFT);       // true
+ * meetsLevel(CapabilityLevel.L1_ADVISE, CapabilityLevel.L3_EXECUTE);    // false
+ * ```
+ */
+export declare function meetsLevel(level: CapabilityLevel, minLevel: CapabilityLevel): boolean;
+/**
+ * Compares two capability levels.
+ *
+ * @param a - First level
+ * @param b - Second level
+ * @returns -1 if a < b, 0 if equal, 1 if a > b
+ */
+export declare function compareLevels(a: CapabilityLevel, b: CapabilityLevel): -1 | 0 | 1;
+/**
+ * Gets the minimum of two capability levels.
+ *
+ * @param a - First level
+ * @param b - Second level
+ * @returns The lower level
+ */
+export declare function minLevel(a: CapabilityLevel, b: CapabilityLevel): CapabilityLevel;
+/**
+ * Gets the maximum of two capability levels.
+ *
+ * @param a - First level
+ * @param b - Second level
+ * @returns The higher level
+ */
+export declare function maxLevel(a: CapabilityLevel, b: CapabilityLevel): CapabilityLevel;
+/**
+ * Clamps a level to a range.
+ *
+ * @param level - The level to clamp
+ * @param min - Minimum allowed level
+ * @param max - Maximum allowed level
+ * @returns The clamped level
+ */
+export declare function clampLevel(level: CapabilityLevel, min?: CapabilityLevel, max?: CapabilityLevel): CapabilityLevel;
+/**
+ * Gets the configuration for a capability level.
+ *
+ * @param level - The capability level
+ * @returns Level configuration
+ */
+export declare function getLevelConfig(level: CapabilityLevel): CapabilityLevelConfig;
+/**
+ * Gets the human-readable name for a capability level.
+ *
+ * @param level - The capability level
+ * @returns Level name
+ */
+export declare function getLevelName(level: CapabilityLevel): string;
+/**
+ * Gets the short code (L0-L7) for a capability level.
+ *
+ * @param level - The capability level
+ * @returns Level code
+ */
+export declare function getLevelCode(level: CapabilityLevel): string;
+/**
+ * Gets the description for a capability level.
+ *
+ * @param level - The capability level
+ * @returns Level description
+ */
+export declare function getLevelDescription(level: CapabilityLevel): string;
+/**
+ * Checks if a level has a specific ability.
+ *
+ * @param level - The capability level
+ * @param ability - The ability to check
+ * @returns True if the level grants this ability
+ */
+export declare function hasAbility(level: CapabilityLevel, ability: string): boolean;
+/**
+ * Checks if a level requires approval for actions.
+ *
+ * @param level - The capability level
+ * @returns True if approval is required
+ */
+export declare function requiresApproval(level: CapabilityLevel): boolean;
+/**
+ * Checks if a level can operate autonomously.
+ *
+ * @param level - The capability level
+ * @returns True if autonomous operation is allowed
+ */
+export declare function canOperateAutonomously(level: CapabilityLevel): boolean;
+/**
+ * Parses a level string (e.g., "L3" or "3") to a CapabilityLevel.
+ *
+ * @param levelStr - Level string to parse
+ * @returns Parsed CapabilityLevel
+ * @throws Error if the string is not a valid level
+ *
+ * @example
+ * ```typescript
+ * parseLevel('L3');  // CapabilityLevel.L3_EXECUTE
+ * parseLevel('3');   // CapabilityLevel.L3_EXECUTE
+ * parseLevel('L0');  // CapabilityLevel.L0_OBSERVE
+ * ```
+ */
+export declare function parseLevel(levelStr: string): CapabilityLevel;
+/**
+ * Safely parses a level string, returning null on failure.
+ *
+ * @param levelStr - Level string to parse
+ * @returns Parsed CapabilityLevel or null
+ */
+export declare function tryParseLevel(levelStr: string): CapabilityLevel | null;
+/**
+ * Type guard to check if a value is a valid CapabilityLevel.
+ *
+ * @param value - Value to check
+ * @returns True if value is a valid CapabilityLevel
+ */
+export declare function isCapabilityLevel(value: unknown): value is CapabilityLevel;
+/**
+ * Zod schema for level configuration.
+ */
+export declare const capabilityLevelConfigSchema: z.ZodObject<{
+    level: z.ZodNativeEnum<typeof CapabilityLevel>;
+    code: z.ZodString;
+    name: z.ZodString;
+    description: z.ZodString;
+    abilities: z.ZodReadonly<z.ZodArray<z.ZodString, "many">>;
+    requiresApproval: z.ZodBoolean;
+    canOperateAutonomously: z.ZodBoolean;
+    minCertificationTier: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    code: string;
+    description: string;
+    level: CapabilityLevel;
+    abilities: readonly string[];
+    requiresApproval: boolean;
+    canOperateAutonomously: boolean;
+    minCertificationTier: number;
+}, {
+    name: string;
+    code: string;
+    description: string;
+    level: CapabilityLevel;
+    abilities: readonly string[];
+    requiresApproval: boolean;
+    canOperateAutonomously: boolean;
+    minCertificationTier: number;
+}>;
+/**
+ * Zod schema for parsing level strings.
+ */
+export declare const levelStringSchema: z.ZodEffects<z.ZodString, CapabilityLevel, string>;
+//# sourceMappingURL=levels.d.ts.map

package/dist/aci/levels.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"levels.d.ts","sourceRoot":"","sources":["../../src/aci/levels.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAMxB;;;;;;;;;;;;;;GAcG;AACH,oBAAY,eAAe;IACzB,2DAA2D;IAC3D,UAAU,IAAI;IACd,mDAAmD;IACnD,SAAS,IAAI;IACb,sDAAsD;IACtD,QAAQ,IAAI;IACZ,gDAAgD;IAChD,UAAU,IAAI;IACd,+CAA+C;IAC/C,aAAa,IAAI;IACjB,yDAAyD;IACzD,UAAU,IAAI;IACd,yDAAyD;IACzD,YAAY,IAAI;IAChB,iEAAiE;IACjE,aAAa,IAAI;CAClB;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB,gPASpB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,qBAAqB,yCAEhC,CAAC;AAMH;;GAEG;AACH,eAAO,MAAM,sBAAsB,EAAE,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CASnE,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,sBAAsB,EAAE,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CASnE,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,6BAA6B,EAAE,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CAiB1E,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,0BAA0B,EAAE,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,SAAS,MAAM,EAAE,CAAC,CAkClF,CAAC;AAMX;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,2BAA2B;IAC3B,QAAQ,CAAC,KAAK,EAAE,eAAe,CAAC;IAChC,yBAAyB;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,0BAA0B;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,2BAA2B;IAC3B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,sCAAsC;IACtC,QAAQ,CAAC,SAAS,EAAE,SAAS,MAAM,EAAE,CAAC;IACtC,qDAAqD;IACrD,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC;IACnC,kDAAkD;IAClD,QAAQ,CAAC,sBAAsB,EAAE,OAAO,CAAC;IACzC,oDAAoD;IACpD,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;CACvC;AAED;;GAEG;AACH,eAAO,MAAM,wBAAwB,EAAE,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,qBAAqB,CAAC,CAiFpF,CAAC;AAMX;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,eAAe,GAAG,OAAO,CAErF;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,eAAe,EAAE,QAAQ,EAAE,eAAe,GAAG,OAAO,CAErF;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,eAAe,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAIhF;AAED;;;;;;GAMG;AACH,wBAAgB,QAAQ,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,eAAe,GAAG,eAAe,CAEhF;AAED;;;;;;GAMG;AACH,wBAAgB,QAAQ,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,eAAe,GAAG,eAAe,CAEhF;AAED;;;;;;;GAOG;AACH,wBAAgB,UAAU,CACxB,KAAK,EAAE,eAAe,EACtB,GAAG,GAAE,eAA4C,EACjD,GAAG,GAAE,eAA+C,GACnD,eAAe,CAEjB;AAMD;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,eAAe,GAAG,qBAAqB,CAE5E;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,eAAe,GAAG,MAAM,CAE3D;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,eAAe,GAAG,MAAM,CAE3D;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,eAAe,GAAG,MAAM,CAElE;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAE3E;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,CAEhE;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,CAEtE;AAMD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,eAAe,CAS5D;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI,CAMtE;AAMD;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,eAAe,CAO1E;AAMD;;GAEG;AACH,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;;;;;;;;EAStC,CAAC;AAEH;;GAEG;AACH,eAAO,MAAM,iBAAiB,oDAGQ,CAAC"}